Slider_Stars_CEE Top500_small_left

Data protection

General information on the processing of personal data by the Coface

The Coface Companies, in relation with their business activity, process personal data within the meaning of Article 4(1) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”). The data are processed for purposes arising from legitimate interests pursued by the Coface Companies, in connection with their insurance, business information and debt collection activities. For this purpose, the Coface Companies may process the following personal data:
  • data of individuals pursuing a business activity,
  • data of individuals representing economic operators, disclosed in public registers;
  • data of individuals being contact persons of enterprises, in connection with their professional function.
Who is the controller of personal data?
Depending on the purpose for which we process the data, the personal data controller will be one or more of the companies of the Coface Group in Austria:
hereinafter referred to as the "Coface SRBIJA d.o.o.".
Address: All companies have their registered offices at Šajkaška 21, Beograd.
Why do we process personal data / what is the purpose of data processing?
Coface SRBIJA d.o.o.processes personal data for the following purposes:
  • the conclusion and execution of  contracts with customers and counterparties;
  • the assessment of credibility of economic operators, including the elaboration of reports and sharing such reports with our customers; to that end, Coface Srbija d.o.o. shall process personal data of individuals pursuing business activity and natural persons representing economic operators, whose data are disclosed in the public registers. The data originate (a) from public registers such as the Commercial register and (b) directly from the enterprises concerned;
  • credit insurance - for that purpose, Coface Srbija d.o.o.processes personal data of our customers’ debtors. The data are provided by our customers.
  • fulfillment of legal obligation such as anti-money laundering and counteracting financing of terrorism, in connection with obligations under the Austrian Anti-Money Laundering and Countering Financing of Terrorism law, e.g.  Financial Markets Anti-Money Laundering Act and other legal provisions which impose on Coface the obligation to register or report certain events and to process personal data for that purpose
  • marketing purposes
What personal data do we process and where do they come from?
Coface SRBIJA d.o.o. process the following personal data:
  • registration and identification details of individuals pursuing business activity originating directly from entrepreneurs or public registers, which are collected by us in connection with our insurance, factoring or debt collection activities;
  • financial data of enterprises, originating directly from enterprises or from contractors of these enterprises, collected by us in connection with our insurance, information or debt collection activities. The financial data may include credit rating and economic viability indicators, calculated automatically on the basis of other information held by us on the economic entity concerned;
  • the contact details of the enterprises and their employees, originating directly from those persons or from contractors of these enterprises, collected by us in connection with our insurance, factoring or recovery activities;
  • data of individuals representing economic operators, disclosed in the public registers;
Does automated decision-making take place, including profiling?
Be informed that the personal data of entrepreneurs included in the Coface economic information system are subject to automated assessment (profiling) for the purposes related to the assessment of the payment risk in accordance with Art. 22 of GDPR. Data processing is carried out for the purposes arising from the legitimate interests of the Coface Companies and data recipients. Any person whose data are processed in such way has the right to object to such processing.
Who are the personal data recipients?
The personal data for which is the Coface SRBIJA d.o.o. are the controller may be made available to:
  • our customers, in the form of reports, for legitimate purposes of those entities related to the verification of business contractors;
  • other companies from the Coface Group, including Coface SRBIJA d.o.o. and foreign companies, for legitimate purposes related to the flow of data within the group of entrepreneurs.
What is the period of the personal data processing?
Coface will retain Personal Data for as long as required or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time Coface have an ongoing relationship with our client and provide the Services; (ii) whether there is a legal obligation to which Coface are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Data subjects rights and means of their execution
All persons whose data are processed by Coface SRBIJA d.o.o. (Data subjects) have the right to request access to their personal data, the right to rectification, erasure or restriction of processing of such data, the right to object to the processing (in cases justified in GDPR) and the right to lodge a complaint with the supervisory authority. Persons whose personal data are processed in marketing purpose has right to object.
Where the processing is based on given consent to the processing of your personal data for one or more specific purposes, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Contact details with regard to the personal data processing
All matters relating to the processing of personal data by Coface SRBIJA d.o.o. should be addressed to:
By Email:
Identification of requesting person
When providing any information containing personal data, Coface SRBIJA d.o.o. may only provide such information to the data subject (or its legal representative). Therefore Coface SRBIJA d.o.o. may require to provide information and documents to sufficiently identify data subject before sending him/her such information.

Frequently Asked Questions on the GDPR

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
On this page you’ll find answers to commonly asked questions, relevant documentation, links to useful external resources, and contact details should you need additional information on the GDPR.

What is the GDPR?

GDPR će zameniti važeću Direktivu EU o zaštiti podataka 95/46/EZ i direktno će se primenjivati u svim državama članicama EU i EEA od 25. maja 2018. godine.

GDPR će značajno promeniti regulatorni pejzaž zaštite podataka u EU, postaviće strože uslove, doći do više kompanija i nametnuti potencijalno više kazne.  Na primer, kompanije su dužne da:

  • Sprovedu programske mere za osiguranje i aktivno dokazuju usaglašenost
  • Sprovedu odgovarajuće tehničke i organizacione mere za zaštitu prava pojedinaca prilikom dizajniranja sistema obrade i prilikom obrade podataka
  • Izvrše procenu uticaja aktivnosti obrade visokog rizika na zaštitu podataka
  • Sprovode Privatnost po dizajnu i Privatnost po pravilu
  • Implementiraju obaveštenja o povredi podataka

How is Coface preparing for the GDPR?

Coface is committed to the protection of personal data we collect and process, with rigorous policies, controls, and compliance oversight to ensure that data is held and used appropriately.

Coface has established an enterprise-wide GDPR programme, with key executive sponsorship, that covers its impacted subsidiaries and affiliates. Data processing activities that involve data about individuals in the EU are under review, including applications and databases, policies, processes, and procedures to ensure that our employees, partners, and vendors process personal data in compliance with GDPR requirements.

Coface leverages a network of country compliance officers and a Group Compliance team to ensure sustainable compliance with the GDPR going forward.

How will I be affected as a client of Coface?

The GDPR not only applies to organizations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

The GDPR may require updates to certain data privacy provisions of client agreements to reflect the changes required by the GDPR.  If changes in documentation we have in place with you are needed, we will contact you to provide any new privacy terms or notices that are required.

I am a client of Coface outside the EU. How will I be affected?

The GDPR’s territorial scope of application is wider and may apply to organizations that are not based in the EU but offer goods or services to individuals in the EU and/or monitor the behaviour of individuals in the EU. Coface is reviewing all of its processing activities involving individuals in the EU to determine if the broader territorial scope applies.  If applicable, Coface will take the necessary actions, which may include updating Terms and Conditions of business, to reflect the changes required by the GDPR.

Can I see your data privacy policies?

We are working through all our policies and procedures and making updates where necessary to comply with the GDPR.

Coface Privacy Notice will be available shortly for download by clicking on the link below.

Is there a need for 'explicit' or 'unambiguous' consent - and what is the difference?

Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.

Can I update my documentation now to incorporate GDPR compliant clauses?

We have been actively reviewing our client documentation in light of GDPR and engaging with clients as required. We have drafted Coface Privacy Notice, available shortly for download by clicking on the link below, to inform individuals of their rights and how Coface processes personal information in its provision of services.

Downloads & contact


Coface Privacy Notice (May 2018)


Commissioner for Information of Public Importance and Personal Data Protection


if you have additional queries on GDPR implementation, you can:
  • reach out to your Coface Client Relationship Manager; or
  • contact Coface Srbija d.o.o. by email at:; or
  • write to Coface Serbia d.o.o., Šajkaška 21, 11060 Beograd, Srbija; or
  • contact Coface Data Privacy Office by email at:; or
  • write to Data Protection Office / Group Compliance, 1 Place Costes et Bellonte - 92270 Bois-Colombes - FRANCE
  • Serbian
  • English